django-rest-framework/djangorestframework/tests/authentication.py

from django.conf.urls.defaults import patterns
from django.contrib.auth.models import User
from django.contrib.auth import login
from django.test import Client, TestCase

from django.utils import simplejson as json

from djangorestframework.compat import RequestFactory
from djangorestframework.resource import Resource
from djangorestframework import permissions

import base64


class MockResource(Resource):
    permissions = ( permissions.IsAuthenticated, )
    def post(self, request):
        return {'a':1, 'b':2, 'c':3}

urlpatterns = patterns('',
    (r'^$', MockResource.as_view()),
)


class BasicAuthTests(TestCase):
    """Basic authentication"""
    urls = 'djangorestframework.tests.authentication'

    def setUp(self):
        self.csrf_client = Client(enforce_csrf_checks=True)
        self.username = 'john'
        self.email = 'lennon@thebeatles.com'
        self.password = 'password'
        self.user = User.objects.create_user(self.username, self.email, self.password)       

    def test_post_form_passing_basic_auth(self):
        """Ensure POSTing json over basic auth with correct credentials passes and does not require CSRF"""
        auth = 'Basic %s' % base64.encodestring('%s:%s' % (self.username, self.password)).strip()
        response = self.csrf_client.post('/', {'example': 'example'}, HTTP_AUTHORIZATION=auth)
        self.assertEqual(response.status_code, 200)

    def test_post_json_passing_basic_auth(self):
        """Ensure POSTing form over basic auth with correct credentials passes and does not require CSRF"""
        auth = 'Basic %s' % base64.encodestring('%s:%s' % (self.username, self.password)).strip()
        response = self.csrf_client.post('/', json.dumps({'example': 'example'}), 'application/json', HTTP_AUTHORIZATION=auth)
        self.assertEqual(response.status_code, 200)

    def test_post_form_failing_basic_auth(self):
        """Ensure POSTing form over basic auth without correct credentials fails"""
        response = self.csrf_client.post('/', {'example': 'example'})
        self.assertEqual(response.status_code, 403)

    def test_post_json_failing_basic_auth(self):
        """Ensure POSTing json over basic auth without correct credentials fails"""
        response = self.csrf_client.post('/', json.dumps({'example': 'example'}), 'application/json')
        self.assertEqual(response.status_code, 403)


class SessionAuthTests(TestCase):
    """User session authentication"""
    urls = 'djangorestframework.tests.authentication'

    def setUp(self):
        self.csrf_client = Client(enforce_csrf_checks=True)
        self.non_csrf_client = Client(enforce_csrf_checks=False)
        self.username = 'john'
        self.email = 'lennon@thebeatles.com'
        self.password = 'password'
        self.user = User.objects.create_user(self.username, self.email, self.password)       

    def tearDown(self):
        self.csrf_client.logout()

    def test_post_form_session_auth_failing_csrf(self):
        """Ensure POSTing form over session authentication without CSRF token fails."""
        self.csrf_client.login(username=self.username, password=self.password)
        response = self.csrf_client.post('/', {'example': 'example'})
        self.assertEqual(response.status_code, 403)

    def test_post_form_session_auth_passing(self):
        """Ensure POSTing form over session authentication with logged in user and CSRF token passes."""
        self.non_csrf_client.login(username=self.username, password=self.password)
        response = self.non_csrf_client.post('/', {'example': 'example'})
        self.assertEqual(response.status_code, 200)

    def test_post_form_session_auth_failing(self):
        """Ensure POSTing form over session authentication without logged in user fails."""
        response = self.csrf_client.post('/', {'example': 'example'})
        self.assertEqual(response.status_code, 403)
Yowzers. Final big bunch of refactoring for 0.1 release. Now support Django 1.3's views, admin style api is all polished off, loads of tests, new test project for running the test. All sorts of goodness. Getting ready to push this out now. 2011-02-19 13:26:27 +03:00			`from django.conf.urls.defaults import patterns`
			`from django.contrib.auth.models import User`
			`from django.contrib.auth import login`
Fixes #35 - Import json from django's built-in package (Does cleverness in determing best lib to use) 2011-04-26 23:20:31 +04:00			`from django.test import Client, TestCase`
Urg. Fix broken merging. 2011-04-27 21:36:43 +04:00
Fix some compat issues with json/simplejson 2011-04-25 07:50:28 +04:00			`from django.utils import simplejson as json`

			`from djangorestframework.compat import RequestFactory`
			`from djangorestframework.resource import Resource`
Fix up tests and examples after refactoring 2011-04-27 21:07:28 +04:00			`from djangorestframework import permissions`
Yowzers. Final big bunch of refactoring for 0.1 release. Now support Django 1.3's views, admin style api is all polished off, loads of tests, new test project for running the test. All sorts of goodness. Getting ready to push this out now. 2011-02-19 13:26:27 +03:00
			`import base64`
Fix some compat issues with json/simplejson 2011-04-25 07:50:28 +04:00
Yowzers. Final big bunch of refactoring for 0.1 release. Now support Django 1.3's views, admin style api is all polished off, loads of tests, new test project for running the test. All sorts of goodness. Getting ready to push this out now. 2011-02-19 13:26:27 +03:00
			`class MockResource(Resource):`
Fix up tests and examples after refactoring 2011-04-27 21:07:28 +04:00			`permissions = ( permissions.IsAuthenticated, )`
depercate auth and content arguments to the request handler methods - yea :) 2011-04-11 20:13:11 +04:00			`def post(self, request):`
Yowzers. Final big bunch of refactoring for 0.1 release. Now support Django 1.3's views, admin style api is all polished off, loads of tests, new test project for running the test. All sorts of goodness. Getting ready to push this out now. 2011-02-19 13:26:27 +03:00			`return {'a':1, 'b':2, 'c':3}`

			`urlpatterns = patterns('',`
			`(r'^$', MockResource.as_view()),`
			`)`


			`class BasicAuthTests(TestCase):`
			`"""Basic authentication"""`
			`urls = 'djangorestframework.tests.authentication'`

			`def setUp(self):`
			`self.csrf_client = Client(enforce_csrf_checks=True)`
			`self.username = 'john'`
			`self.email = 'lennon@thebeatles.com'`
			`self.password = 'password'`
			`self.user = User.objects.create_user(self.username, self.email, self.password)`

			`def test_post_form_passing_basic_auth(self):`
			`"""Ensure POSTing json over basic auth with correct credentials passes and does not require CSRF"""`
			`auth = 'Basic %s' % base64.encodestring('%s:%s' % (self.username, self.password)).strip()`
			`response = self.csrf_client.post('/', {'example': 'example'}, HTTP_AUTHORIZATION=auth)`
			`self.assertEqual(response.status_code, 200)`

			`def test_post_json_passing_basic_auth(self):`
			`"""Ensure POSTing form over basic auth with correct credentials passes and does not require CSRF"""`
			`auth = 'Basic %s' % base64.encodestring('%s:%s' % (self.username, self.password)).strip()`
			`response = self.csrf_client.post('/', json.dumps({'example': 'example'}), 'application/json', HTTP_AUTHORIZATION=auth)`
			`self.assertEqual(response.status_code, 200)`

			`def test_post_form_failing_basic_auth(self):`
			`"""Ensure POSTing form over basic auth without correct credentials fails"""`
			`response = self.csrf_client.post('/', {'example': 'example'})`
			`self.assertEqual(response.status_code, 403)`

			`def test_post_json_failing_basic_auth(self):`
			`"""Ensure POSTing json over basic auth without correct credentials fails"""`
			`response = self.csrf_client.post('/', json.dumps({'example': 'example'}), 'application/json')`
			`self.assertEqual(response.status_code, 403)`


			`class SessionAuthTests(TestCase):`
			`"""User session authentication"""`
			`urls = 'djangorestframework.tests.authentication'`

			`def setUp(self):`
			`self.csrf_client = Client(enforce_csrf_checks=True)`
			`self.non_csrf_client = Client(enforce_csrf_checks=False)`
			`self.username = 'john'`
			`self.email = 'lennon@thebeatles.com'`
			`self.password = 'password'`
			`self.user = User.objects.create_user(self.username, self.email, self.password)`

			`def tearDown(self):`
			`self.csrf_client.logout()`

			`def test_post_form_session_auth_failing_csrf(self):`
			`"""Ensure POSTing form over session authentication without CSRF token fails."""`
			`self.csrf_client.login(username=self.username, password=self.password)`
			`response = self.csrf_client.post('/', {'example': 'example'})`
			`self.assertEqual(response.status_code, 403)`

			`def test_post_form_session_auth_passing(self):`
			`"""Ensure POSTing form over session authentication with logged in user and CSRF token passes."""`
			`self.non_csrf_client.login(username=self.username, password=self.password)`
			`response = self.non_csrf_client.post('/', {'example': 'example'})`
			`self.assertEqual(response.status_code, 200)`

			`def test_post_form_session_auth_failing(self):`
			`"""Ensure POSTing form over session authentication without logged in user fails."""`
			`response = self.csrf_client.post('/', {'example': 'example'})`
			`self.assertEqual(response.status_code, 403)`
Fix some compat issues with json/simplejson 2011-04-25 07:50:28 +04:00